Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Installing new ssl certificate

Hi,

I have been asked to install a new ssl certifiacte on a Pix 515e. I believe the current certifcate was made in house and they now want to change this to a geotrust certificate. I've trauled through this forum and have found a few articles etc but am still unsure, Could anyone point me in the right direction?

Kind Regards

J Mack

11 REPLIES
New Member

Re: Installing new ssl certificate

Hi,

I'd be really grateful for some advice on this if anyone can help.

Many Thanks

J mack

Re: Installing new ssl certificate

Hello Johnny,

I dont see any problems in this.. anyway, what purpose are you going to use this certificate ? Do you have SSL VPNs configured or some other kind of https interface to the firewall ? This will not hamper any performance.. i hope u have the docss to enable the new certificate.. you can use the ASDM for this...

1. Import certificate

- Navigate to Properties > Certificate > Import Certificate.

- Select your trustpoint.

- Import the certificate issued to you by Verisign either by uploading the file or cut and paste.

5. Apply the certificate to a specific interface (likely your outside

interface)

- Navigate to Properties > SSL.

- At the bottom half, select the interface. Click Edit.

- Select your trustpoint.

Hope this helps.. all the best.. rate replies if found useful..

Raj

New Member

Re: Installing new ssl certificate

Hi,

Thanks alot for your response, the certificate is for a citrix web interface. just to clarify i'll just need a valid certifiacte from in this case from geotrust which i save locally then import through asdm?

Can i just ask what i should be selecting as my trustpoint?

Kind Regards

J Mack

Re: Installing new ssl certificate

hello Johnny

Have a look at this URL.. pretty useful for configuring the ASDM with citrix connectivity...

http://www.cisco.com/en/US/partner/products/ps6121/products_configuration_guide_chapter09186a0080623ab4.html

it has a step-by-step instruction... hope this helps.. let me know..

Raj

New Member

Re: Installing new ssl certificate

Hi,

Thanks again, sorry to be a pain but my CCO login is not working for that document? I've just logged into cisco.com fine but when navigating to that url it's asking me for my CCO and not taking it?

Regards

J Mack

Re: Installing new ssl certificate

Johnny

you will need to contact your cisco partner to get your PICA CCO ID. they will give u this, if u have got a lot of cisco products.. anyway , am attaching the pdf version of the document..

Hope this helps. rate replies if found useful..

Raj

New Member

Re: Installing new ssl certificate

Hi,

Great thank you. I have a CCO already that allows me to get lastest software, ios etc, Do I just need extra permissions or something? It's just seems strange that they let me have the good stuff like the ASDM software and hold back on docuemtation, which is useless unless you already have the hardware to configure.

Anyway, Many thanks for your help.

J Mack

New Member

Re: Installing new ssl certificate

Sorry, one more quick question, for aquiring the licence do I generate the hash file from the PIX?

Thanks

J Mack

Hall of Fame Super Blue

Re: Installing new ssl certificate

Hi Johnny

Just for future reference. Generally you can just substitute the "partner" bit of the url ie.

Raj sent you this link

http://www.cisco.com/en/US/partner/products/ps6121/products_configuration_guide_chapter09186a0080623ab4.html

Just change the "partner" bit to "customer"

http://www.cisco.com/en/US/customer/products/ps6121/products_configuration_guide_chapter09186a0080623ab4.html

You still need you login but it should work.

HTH

Jon

New Member

Re: Installing new ssl certificate

Superb got straight in. Thanks a lot,

I don't suppose you know if im supposed to generate the hash file for requesting the certificate on the the PIX?

Many Thanks

J Mack

Hall of Fame Super Blue

Re: Installing new ssl certificate

Hi Johnny

Glad it helped.

Attached is link to obtaining a cert for a pix firewall. Let me know if you still have problems.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946c0.shtml#obtainpix

HTH

Jon

162
Views
15
Helpful
11
Replies